Exposed Host - Security risk?

I have a very small customer who has a Sophos UTM. The connection is made via Sophos with PPPoE via a FritzBox as a modem (PPPoE passthrough). Now a second connection is to be installed, but the customer wants to use the FritzBox Cable as an exposed host, so that the dial-in is not with the Sophos but with the FritzBox.

How do you assess the security risk in such a mode? I am not a fan of this and would like to convince the customer to run the dial-in (PPPoE) via Sophos.

  • A direct Sophos PPPoE dial-in connection isn't more secure than an exposed host.
    I would recommend using the FB to do the dial-in job and only forward needed ports.
    In this design variant, the FB works like a packet-filter firewall in front of Sophos.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
